WiredWX Christian Hobby Weather Tools
Google Redirect Virus

3 posters

Re: Google Redirect Virus
Just to confirm, I extracted the files from Maxhandle.exe and ran 'hand.bat', as it would not allow me to run it by double-clicking the Maxhandle icon saved onto my desktop.

Maxhandle.txt:


Run from on 03/08/2011 at 13:43:03.10

found C:\WINDOWS\system32\config\rkdannio

Re: Google Redirect Virus
Run TDSSKiller as you did in post 10. Post this log please.

Re: Google Redirect Virus
Downloaded new TDSSkiller to desktop.
Unable to run. Same message each time I attempt to run it: it brings up a request for which program to download/open the file with - Adobe, media player, Windows picture viewer etc.

I have saved it to the C: drive and right-clicked and tried 'Run as'.

Warning appears: 'Can't initialize log'
followed by
'Can't load driver'

I have tried renaming the application and carried out both the above, on the desktop and the C: drive, with the same results.

Re: Google Redirect Virus
TDSSkiller needs to be on your desktop. Then, make sure extensions are shown, see here how to do this.

Then run TDSSkiller.

Re: Google Redirect Virus
TDSSkiller on desktop, file extensions shown, but same errors.

Warning appears: 'Can't initialize log'
followed by
'Can't load driver'

When I boot up the PC I get the following error message:

'UScroL setup has encountered a problem and needs to close'

Not sure if this causes any issues.

Re: Google Redirect Virus
Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below


Note: Do not take action against any **Rootkit** entries until I have reviewed the log.

  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review

Re: Google Redirect Virus
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-03 19:05:39
-----------------------------
19:05:39.000 OS Version: Windows 5.1.2600 Service Pack 3
19:05:39.000 Number of processors: 1 586 0xD08
19:05:39.000 ComputerName: ABEXL0002 UserName:
19:05:39.609 Initialize success
19:06:53.312 AVAST engine defs: 11080301
19:07:41.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:07:41.156 Disk 0 Vendor: Hitachi_HTS541060G9AT00 MB3OA61A Size: 57231MB BusType: 3
19:07:43.515 Disk 0 MBR read successfully
19:07:43.515 Disk 0 MBR scan
19:07:43.546 Disk 0 Windows XP default MBR code
19:07:43.546 Disk 0 scanning sectors +117210240
19:07:43.750 Disk 0 scanning C:\WINDOWS\system32\drivers
19:07:57.375 Service scanning
19:07:58.859 Modules scanning
19:08:03.390 Disk 0 trace - called modules:
19:08:03.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
19:08:03.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fc75e0]
19:08:03.421 3 CLASSPNP.SYS[f7587fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f5c940]
19:08:03.843 AVAST engine scan C:\WINDOWS
19:08:20.343 AVAST engine scan C:\WINDOWS\system32
19:10:18.281 File: C:\WINDOWS\system32\wuauclt.exe.vir **INFECTED** Win32:Patched-WQ [Trj]
19:10:22.453 AVAST engine scan C:\WINDOWS\system32\drivers
19:10:38.921 AVAST engine scan C:\Documents and Settings\abbeyfield
19:10:40.500 File: C:\Documents and Settings\abbeyfield\Application Data\Adobe\plugs\mmc2409671.txt **INFECTED** Win32:MalOb-DT [Cryp]
19:11:34.562 File: C:\Documents and Settings\abbeyfield\Application Data\Sun\Java\Deployment\cache\6.0\63\5f91807f-5e90eac4 **INFECTED** Win32:Trojan-gen
19:17:14.937 AVAST engine scan C:\Documents and Settings\All Users
19:18:51.968 Scan finished successfully
19:19:26.328 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
19:19:26.375 The log file has been saved successfully to "E:\aswMBR.txt"


Re: Google Redirect Virus
ComboFix should run and finish but, let's remove AVG:

Use the uninstaller below:

Please download AppRemover to your Desktop. Double-click AppRemover.exe.
Untick Enable anonymous usage statistic.
Click Next>>. Select AVG and click Next>>.
By clicking Next>> again, AppRemover will start the uninstall process. This may take a few minutes.
Once completed you may be prompted to restart your system. Please do so.


Note

If AVG is not listed, rerun AppRemover and select "Clean Up a Failed Uninstall". Select AVG and follow the prompts.

Delete the copy of ComboFix you have & download it again from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! RENAME ComboFix.exe to Commy.exe BEFORE you save it to your Desktop**

Then follow the instructions in the ComboFix post. And post the log please.

Re: Google Redirect Virus
Installed AppRemover, ran as instructed but nothing found.

Downloaded and ran ComboFix as Commyfix; it does not complete, and has run for 2 hours.

Shall I rerun and leave until complete?

Re: Google Redirect Virus
ComboFix takes at least 20-30 minutes to finish if needed. So two hours is too long.

On your keyboard press Ctrl-Alt-Delete to bring up Task Manager. Open Task Manager and click the “New Task” button. Then copy/paste the following bolded text into the Create New Task box and click OK:

"%userprofile%\Desktop\Commy.exe"

ComboFix should run again. When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply.

Re: Google Redirect Virus
Done as above. Combofix starts and then the following message appears

'Scanning for infected files...
This typically doesn't take more than 10 minutes
However scan times for badly infected machines may easily double'

Nothing else happens. Cursor flashing on next line.

Tried twice for well over 30 minutes with no end. I have to reboot as it does not let me close down.



Re: Google Redirect Virus
Are you able to use this PC in normal mode? Also, do you have access to an XP Windows CD?

Re: Google Redirect Virus
I can boot up in normal mode though everything is extremely slow.
I do not have access to an XP Windows CD.

Re: Google Redirect Virus
though everything is extremely slow.

This PC is still infected; that is why your PC is slow. I would like you to run CureIt.


Click here to download Dr.Web CureIt and save it to your desktop.

  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.


Re: Google Redirect Virus
Jdr.exe.#ir;C:\WINDOWS\temp;Probably Trojan.Packed.194;Incurable.Deleted.;
gnp.exe.vir;C:\Documents and Settings\NetworkService\Local Settings\Application Data;Probably Trojan.Packed.194;Incurable.Deleted.;
VikPev00;C:\Fixyou;Probably MACRO.SCRIPT.Virus;Incurable.Deleted.;
VikPev00;C:\Fixyou18967F;Probably MACRO.SCRIPT.Virus;Incurable.Deleted.;
VikPev00;C:\Fixyou7619F;Probably MACRO.SCRIPT.Virus;Incurable.Deleted.;
Reader_sl.exe.vir;C:\Program Files\Adobe\Reader 9.0\Reader;Probably Trojan.Packed.194;Incurable.Deleted.;
atiptaxx.exe.vir;C:\Program Files\ATI Technologies\ATI Control Panel;Probably Trojan.Packed.194;Incurable.Deleted.;
BTHelpNotifier.exe.vir;C:\Program Files\BT Business Broadband Desktop Help\btbb;Probably Trojan.Packed.194;Incurable.Deleted.;
AdobeARM.exe.vir;C:\Program Files\Common Files\Adobe\ARM\1.0;Probably Trojan.Packed.194;Incurable.Deleted.;
jusched.exe.vir;C:\Program Files\Common Files\Java\Java Update;Probably Trojan.Packed.194;Incurable.Deleted.;
LVPrcSrv.exe.vir;C:\Program Files\Common Files\LogiShrd\LVMVFM;Trojan.Starter.1695;Cured.;
McciCMService.exe.vir;C:\Program Files\Common Files\Motive;Trojan.Starter.1695;Cured.;
HPWuSchd2.exe.vir;C:\Program Files\Hewlett-Packard\HP Software Update;Probably Trojan.Packed.194;Incurable.Deleted.;
Dot1XCfg.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
Dot1XCfg.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
Dot1XCfg.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
EvtEng.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
ifrmewrk.exe.vir;C:\Program Files\Intel\Wireless\Bin;Probably Trojan.Packed.194;Incurable.Moved.;
RegSrvc.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
S24EvMon.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
WLKEEPER.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
ZCfgSvc.exe.vir;C:\Program Files\Intel\Wireless\Bin;Probably Trojan.Packed.194;Incurable.Moved.;
jqs.exe.vir;C:\Program Files\Java\jre6\bin;Trojan.Starter.1695;Cured.;
amclient.exe.vir;C:\Program Files\LANDesk\LDClient;Probably Trojan.Packed.194;Incurable.Moved.;
issuser.exe.vir;C:\Program Files\LANDesk\LDClient;Trojan.Starter.1695;Cured.;
LDIScn32.exe.vir;C:\Program Files\LANDesk\LDClient;Probably Trojan.Packed.194;Incurable.Moved.;
LocalSch.EXE.vir;C:\Program Files\LANDesk\LDClient;Trojan.Starter.1695;Cured.;
SoftMon.exe.vir;C:\Program Files\LANDesk\LDClient;Trojan.Starter.1695;Cured.;
tmcsvc.exe.vir;C:\Program Files\LANDesk\LDClient;Trojan.Starter.1695;Cured.;
sdclientmonitor.exe.vir;C:\Program Files\LANDesk\LDClient\WebPortal;Probably Trojan.Packed.194;Incurable.Moved.;
residentAgent.exe.vir;C:\Program Files\LANDesk\Shared Files;Trojan.Starter.1695;Cured.;
GrooveMonitor.exe.vir;C:\Program Files\Microsoft Office\Office12;Probably Trojan.Packed.194;Incurable.Moved.;
qttask .exe.vir;C:\Program Files\QuickTime;Probably Trojan.Packed.194;Incurable.Moved.;
qttask.exe.vir;C:\Program Files\QuickTime;Probably Trojan.Packed.194;Incurable.Moved.;
rasl2tp.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers;BackDoor.Maxplus.13;Incurable.Moved.;
A0001011.com.vir;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP0;Probably Trojan.Packed.194;Incurable.Moved.;
A0008020.exe.vir;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP0;Trojan.PWS.Siggen.19141;Incurable.Moved.;
A0008021.exe.vir;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP0;Probably Trojan.Packed.194;Incurable.Moved.;
A0008024.exe;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP0;Trojan.DownLoad2.32296;Deleted.;
A0026078.scr;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP2;Trojan.MulDrop2.44246;Incurable.Moved.;
A0030216.exe;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP2;Probably Trojan.Packed.191;Incurable.Moved.;
Desktop(2).ini.vir;C:\WINDOWS\assembly\GAC_MSIL;BackDoor.Siggen.30798;Incurable.Moved.;
Jdr.exe.#ir;C:\WINDOWS\Temp;Probably Trojan.Packed.194;Invalid path to file ;
Scan2pc .exe.vir;C:\WINDOWS\twain_32\Samsung\CLX3170;Probably Trojan.Packed.194;Incurable.Moved.;
Scan2pc.exe.vir;C:\WINDOWS\twain_32\Samsung\CLX3170;Probably Trojan.Packed.194;Incurable.Moved.;
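
An added example, not part of the original thread or of any tool mentioned in it: a small triage script for a Dr.Web CureIt report like the one posted above. The field layout (`name;folder;detection;action;`) is inferred from those rows, and the outcome and location categories are this example's own assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Rows copied from the report posted above. Layout inferred from them:
# name;folder;detection;action;
SAMPLE = r"""
Jdr.exe.#ir;C:\WINDOWS\temp;Probably Trojan.Packed.194;Incurable.Deleted.;
LVPrcSrv.exe.vir;C:\Program Files\Common Files\LogiShrd\LVMVFM;Trojan.Starter.1695;Cured.;
ifrmewrk.exe.vir;C:\Program Files\Intel\Wireless\Bin;Probably Trojan.Packed.194;Incurable.Moved.;
rasl2tp.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers;BackDoor.Maxplus.13;Incurable.Moved.;
A0008024.exe;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP0;Trojan.DownLoad2.32296;Deleted.;
Jdr.exe.#ir;C:\WINDOWS\Temp;Probably Trojan.Packed.194;Invalid path to file ;
""".strip()


@dataclass(frozen=True)
class Finding:
    name: str
    folder: str
    detection: str   # detection name without the "Probably " prefix
    heuristic: bool  # True when the scanner reported "Probably ..."
    outcome: str     # cured | deleted | moved | failed (example categories)
    location: str    # live | quarantine | restore_point (example categories)


def classify_outcome(action):
    """Map the free-text action column onto one of four outcomes."""
    a = action.strip().rstrip(".").lower()
    if a.startswith("cured"):
        return "cured"
    if a.endswith("deleted"):
        return "deleted"
    if a.endswith("moved"):
        return "moved"
    return "failed"  # e.g. "Invalid path to file": nothing was done


def classify_location(folder):
    """Separate live folders from copies that are not part of the running system."""
    f = folder.lower()
    if "\\system volume information\\" in f:
        return "restore_point"  # XP System Restore snapshots
    if "\\qoobox\\quarantine" in f:
        return "quarantine"     # already-quarantined copies
    return "live"


def parse_report(text):
    """Return (findings, rejected_lines) for a semicolon-separated report."""
    findings, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(";")
        if len(parts) < 4:
            rejected.append(line)  # keep malformed rows for manual review
            continue
        name, folder, detection, action = parts[:4]
        heuristic = detection.startswith("Probably ")
        if heuristic:
            detection = detection[len("Probably "):]
        findings.append(Finding(name.strip(), folder.strip(), detection.strip(),
                                heuristic, classify_outcome(action),
                                classify_location(folder)))
    return findings, rejected


def summarize(findings):
    """Count findings per outcome."""
    return Counter(f.outcome for f in findings)


def unresolved(findings):
    """Rows where the scanner reported no successful action."""
    return [f for f in findings if f.outcome == "failed"]


def removed_from_live_paths(findings):
    """Files deleted or moved out of folders the running system uses."""
    return [f for f in findings
            if f.location == "live" and f.outcome in ("deleted", "moved")]


if __name__ == "__main__":
    rows, bad = parse_report(SAMPLE)
    print(dict(summarize(rows)))
    for f in unresolved(rows):
        print("unresolved:", f.folder + "\\" + f.name, f.detection)
    for f in removed_from_live_paths(rows):
        print("removed from live path:", f.folder + "\\" + f.name)
    print("rejected rows:", bad)
```
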

Re: Google Redirect Virus
Let's see what we have now. Scan again with OTL use the same link and instructions as the first time you ran OTL. Post both logs please.

Re: Google Redirect Virus
When running the OTL scan an error message appears:

'm' is not a valid integer value

I then have to click 'OK' to continue, but the scan freezes and does not complete.

Re: Google Redirect Virus
A lot of the tools are not working with this PC. The problem with these infections nowadays is that they cause a lot of damage. Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution. Format and Reinstall Windows at this point might be the best thing to do. Let's see if we can download a fresh copy and run OTL another way, as in the following:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Re: Google Redirect Virus
Rebooting my PC is now taking a very long time. Desktop is taking 5-10 minutes to appear.

Have re-run OTL in std mode and this time it completed with no error messages.


OTL logfile created on: 12/08/2011 11:51:22 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\abbeyfield\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 684.38 Mb Available Physical Memory | 67.40% Memory free
2.40 Gb Paging File | 2.20 Gb Available in Paging File | 91.55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.79 Gb Total Space | 31.97 Gb Free Space | 57.30% Space Free | Partition Type: NTFS

Computer Name: ABEXL0002 | User Name: abbeyfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/12 11:27:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
PRC - [2010/05/07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2009/10/13 11:41:27 | 000,606,208 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/19 05:24:52 | 000,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2006/02/19 04:21:22 | 000,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/02/19 02:41:10 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/11/17 11:31:52 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2004/12/15 08:07:44 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe


========== Modules (SafeList) ==========

MOD - [2011/08/12 11:27:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (WLANKEEPER) Intel(R)
SRV - File not found [Auto | Stopped] -- -- (Softmon) LANDesk(R)
SRV - File not found [Auto | Stopped] -- -- (S24EventMonitor) Intel(R)
SRV - File not found [Auto | Stopped] -- -- (RegSrvc) Intel(R)
SRV - File not found [Unknown | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- -- (McciCMService)
SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (ISSUSER)
SRV - File not found [Auto | Stopped] -- -- (Intel Targeted Multicast)
SRV - File not found [Auto | Stopped] -- -- (Intel Local Scheduler Service)
SRV - File not found [Auto | Stopped] -- -- (EvtEng) Intel(R)
SRV - File not found [Auto | Stopped] -- -- (CBA8) LANDesk(R)
SRV - [2011/02/08 09:46:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2005/11/17 11:31:52 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)


========== Driver Services (SafeList) ==========

DRV - [2010/05/19 17:00:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/05/19 17:00:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/14 23:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/14 23:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2010/05/14 23:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 23:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/03/25 12:44:40 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2007/02/21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/08 14:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/07/01 16:48:34 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2005/07/01 16:48:34 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2005/07/01 16:48:34 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2005/05/03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/11 14:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001/08/17 13:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=74e7098000000000000000166f634dee&tlver=1.4.19.19&affID=17162

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://csg.abbeyfield.com/http/webgateway/Citrix/AccessPlatform1/auth/silentDetection.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://csg.abbeyfield.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 20:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/07/19 12:18:31 | 000,000,000 | ---D | M]

[2011/03/07 15:45:20 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/08/11 15:38:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [3170 Scan2PC] File not found
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [ATIPTA] File not found
O4 - HKLM..\Run: [btbb_McciTrayApp] File not found
O4 - HKLM..\Run: [GrooveMonitor] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelAPMClient] File not found
O4 - HKLM..\Run: [IntelWireless] File not found
O4 - HKLM..\Run: [IntelZeroConfig] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LANDeskInventoryClient] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SDClientMonitor] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [acxcfg90] C:\Documents and Settings\abbeyfield\Local Settings\Application Data\AsyncCommsAgent\acxcfg90.dll ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\abbeyfield\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227621843437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227627097437 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\abbeyfield\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\abbeyfield\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/24 16:38:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/12 10:50:52 | 000,208,705 | ---- | M] () - C:\Automated Summary Timesheet Template.xlsx -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gnp.exe" -a "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gnp.exe" -a "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/12 11:36:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
[2011/08/08 20:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\abbeyfield\DoctorWeb
[2011/08/08 11:02:50 | 000,000,000 | --SD | C] -- C:\Commy
[2011/08/04 16:12:47 | 004,164,501 | R--- | C] (Swearware) -- C:\Documents and Settings\abbeyfield\Desktop\Commy.exe
[2011/08/04 16:00:51 | 006,615,552 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\abbeyfield\Desktop\AppRemover.exe
[2011/08/03 19:01:52 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\abbeyfield\Desktop\aswMBR.exe
[2011/08/03 15:49:30 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2011/08/03 13:38:35 | 000,520,496 | ---- | C] (Sysinternals) -- C:\WINDOWS\Listdlls.exe
[2011/08/03 13:38:32 | 000,423,288 | ---- | C] (Sysinternals) -- C:\WINDOWS\handle.exe
[2011/07/29 14:10:17 | 000,000,000 | --SD | C] -- C:\Fixyou7619F
[2011/07/29 13:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/29 13:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/29 13:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dC00000NgAeB00000
[2011/07/29 13:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\AsyncCommsAgent
[2011/07/28 20:15:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/27 09:24:26 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\abbeyfield\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/25 18:32:02 | 000,000,000 | --SD | C] -- C:\Fixyou18967F
[2011/07/25 17:14:13 | 000,000,000 | --SD | C] -- C:\Fixyou
[2011/07/15 21:51:00 | 000,000,000 | ---D | C] -- C:\WIP
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/12 11:50:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/12 11:45:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/12 11:27:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
[2011/08/11 15:38:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/11 15:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/08/11 15:16:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/08/11 15:15:43 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\Nujsfzfpfq.job
[2011/08/09 13:38:19 | 000,004,429 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Desktop\DrWeb.csv
[2011/08/09 13:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/08/09 12:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/08/09 11:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/08/09 10:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/08/09 09:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/08/08 22:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/08/08 21:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/08/08 20:33:34 | 073,800,760 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Desktop\drweb-cureit.exe
[2011/08/04 20:30:08 | 004,164,501 | R--- | M] (Swearware) -- C:\Documents and Settings\abbeyfield\Desktop\Commy.exe
[2011/08/04 15:59:08 | 006,615,552 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\abbeyfield\Desktop\AppRemover.exe
[2011/08/03 19:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/08/03 18:57:36 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\abbeyfield\Desktop\aswMBR.exe
[2011/08/03 18:12:01 | 000,000,044 | ---- | M] () -- C:\Documents and Settings\abbeyfield\temp1
[2011/08/03 18:12:01 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\abbeyfield\temp2
[2011/08/03 18:11:58 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\abbeyfield\temp0
[2011/08/03 18:11:58 | 000,000,011 | ---- | M] () -- C:\Documents and Settings\abbeyfield\temp4
[2011/08/03 18:11:58 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\abbeyfield\temp3
[2011/08/03 14:56:06 | 000,803,104 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Desktop\maxhandle.exe
[2011/08/03 13:28:14 | 000,000,309 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Desktop\fix.reg
[2011/08/02 21:10:56 | 000,693,498 | ---- | M] () -- C:\Documents and Settings\abbeyfield\rebuilt.maxhandle.rar
[2011/07/31 21:22:23 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\System32\c_90114.nl_
[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2011/07/29 17:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/07/29 16:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/07/29 14:27:32 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\eFRY0wSh4.dat
[2011/07/29 14:23:49 | 000,016,672 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\io60w3638q1k8bq277ggn37rb
[2011/07/29 14:23:49 | 000,016,672 | -HS- | M] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\io60w3638q1k8bq277ggn37rb
[2011/07/29 13:58:33 | 000,012,346 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3708712179
[2011/07/29 13:55:33 | 000,068,096 | RHS- | M] () -- C:\WINDOWS\System32\d3dxofz.dll
[2011/07/29 13:54:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/07/27 09:25:09 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/27 09:24:49 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\abbeyfield\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/25 13:27:51 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/13 13:09:31 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/09 13:38:19 | 000,004,429 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Desktop\DrWeb.csv
[2011/08/08 20:38:05 | 073,800,760 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Desktop\drweb-cureit.exe
[2011/08/03 19:16:47 | 000,803,104 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Desktop\maxhandle.exe
[2011/08/03 15:00:33 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\abbeyfield\temp1
[2011/08/03 15:00:33 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\abbeyfield\temp2
[2011/08/03 15:00:30 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\abbeyfield\temp0
[2011/08/03 15:00:30 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\abbeyfield\temp4
[2011/08/03 15:00:30 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\abbeyfield\temp3
[2011/08/03 13:38:30 | 000,210,717 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Desktop\Handle.zip
[2011/08/03 13:37:09 | 000,000,309 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Desktop\fix.reg
[2011/08/02 21:10:55 | 000,693,498 | ---- | C] () -- C:\Documents and Settings\abbeyfield\rebuilt.maxhandle.rar
[2011/07/29 14:26:46 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\eFRY0wSh4.dat
[2011/07/29 13:56:59 | 000,016,672 | -HS- | C] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\io60w3638q1k8bq277ggn37rb
[2011/07/29 13:56:59 | 000,012,346 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3708712179
[2011/07/29 13:55:34 | 000,000,314 | -HS- | C] () -- C:\WINDOWS\tasks\Nujsfzfpfq.job
[2011/07/29 13:55:33 | 000,068,096 | RHS- | C] () -- C:\WINDOWS\System32\d3dxofz.dll
[2011/07/29 13:55:29 | 000,016,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\io60w3638q1k8bq277ggn37rb
[2011/07/29 13:55:29 | 000,016,024 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\io60w3638q1k8bq277ggn37rb
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/07/15 21:24:59 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\System32\c_90114.nl_
[2011/07/13 11:49:50 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xucneurc.sys
[2011/07/13 10:15:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/13 10:15:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/13 10:15:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/13 10:15:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/13 10:15:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/12 20:44:24 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\irnfrnvp.sys
[2011/07/12 20:20:53 | 000,004,407 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Application Data\CB6A.565
[2011/06/26 17:56:14 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cssfx.sys
[2011/06/23 16:45:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/23 13:34:19 | 000,005,932 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\punvj0rj43t4v6
[2011/06/23 13:34:19 | 000,005,932 | -HS- | C] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\punvj0rj43t4v6
[2011/03/07 15:45:23 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/10/04 11:02:41 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2010/10/04 11:02:14 | 000,011,650 | -H-- | C] () -- C:\Documents and Settings\abbeyfield\Application Data\SmarThruOptions.xml
[2010/10/04 11:01:47 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2010/10/04 11:01:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll
[2010/10/04 10:59:20 | 000,113,768 | R--- | C] () -- C:\WINDOWS\Wiainst.exe
[2010/10/04 10:54:05 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll
[2010/10/04 10:53:25 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2010/10/04 10:53:25 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2010/10/04 10:53:24 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2010/10/04 10:53:24 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2010/10/04 10:53:24 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2010/05/18 12:52:23 | 000,117,248 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 22:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 22:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 22:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 22:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/10 12:14:25 | 000,117,469 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/30 16:16:38 | 000,069,063 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/04/30 16:16:37 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/04/09 12:26:07 | 001,821,566 | ---- | C] () -- C:\Program Files\FSCaptureSetup65.exe
[2010/03/17 16:11:48 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\fusioncache.dat
[2010/03/17 15:25:08 | 000,110,436 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2010/03/17 15:25:07 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2010/03/09 12:45:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/02/23 13:38:13 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/26 13:51:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\ENABLING.INI
[2008/11/24 17:34:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2008/11/24 16:42:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/24 16:35:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/24 16:05:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/24 16:04:16 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/20 01:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/03/22 00:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 00:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 11:00:00 | 000,444,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 11:00:00 | 000,072,660 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/07/12 20:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Arqiok
[2011/07/12 11:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\AVG9
[2011/03/07 15:46:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\abbeyfield\Application Data\BabylonToolbar
[2009/02/23 17:44:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\abbeyfield\Application Data\ICAClient
[2011/07/12 20:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Ilyfe
[2010/11/09 12:41:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Leadertech
[2010/03/09 13:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\MSNInstaller
[2011/04/18 12:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Omem
[2010/09/02 13:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Participatory Culture Foundation
[2011/03/24 14:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\PCF-VLC
[2011/07/25 16:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Shareaza
[2010/10/04 11:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\SmarThru4
[2011/07/29 16:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Spotify
[2011/04/18 12:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Xuezus
[2011/07/13 10:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/05/04 12:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bIi06511gCdCp06511
[2011/03/15 12:07:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/29 13:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dC00000NgAeB00000
[2011/06/23 22:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/31 21:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/08/09 09:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/08/09 10:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/08/09 11:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/08/09 12:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/08/09 13:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/08/11 15:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/07/29 16:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/07/29 17:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/08/03 19:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/08/08 21:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/08/08 22:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/08/11 15:15:43 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\Tasks\Nujsfzfpfq.job
[2011/08/11 15:16:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\abbeyfield\My Documents\My Pictures:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\abbeyfield\My Documents\My Music:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\abbeyfield\My Documents\My Albums:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Adele 21:Shareaza.GUID

< End of report >

Re: Google Redirect Virus

OTL Extras logfile created on: 12/08/2011 11:51:22 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\abbeyfield\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 684.38 Mb Available Physical Memory | 67.40% Memory free
2.40 Gb Paging File | 2.20 Gb Available in Paging File | 91.55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.79 Gb Total Space | 31.97 Gb Free Space | 57.30% Space Free | Partition Type: NTFS

Computer Name: ABEXL0002 | User Name: abbeyfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gnp.exe" -a "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gnp.exe" -a "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service -- (LANDesk Software Ltd.)
"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service -- (LANDesk Software Ltd.)
"C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\abbeyfield\Local Settings\Temporary Internet Files\Content.IE5\9IU4HVG9\PDFConverterSetup[1].exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temporary Internet Files\Content.IE5\9IU4HVG9\PDFConverterSetup[1].exe:*:Enabled:InstallCore™
"C:\Program Files\SamsungPrinterLiveUpdate\SP_Connector.exe" = C:\Program Files\SamsungPrinterLiveUpdate\SP_Connector.exe:*:Disabled:Samsung Printer Connector -- (Samsung Printer)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprbUpdate.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprbUpdate.exe:*:Disabled:Hewlett-Packard Product Assistant -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe" = C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe:*:Disabled:Logitech Updater -- (Logitech, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Citrix\ICA Client\wfica32.exe" = C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix Client Engine -- (Citrix Systems, Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Disabled:mcci+McciBrowser -- (Alcatel-Lucent)
"C:\Program Files\Common Files\Java\Java Update\jaucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jaucheck.exe:*:Enabled:Java(TM) Update Client Checker -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe:*:Enabled:Adobe Reader and Acrobat Manager
"C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Disabled:mcci+McciTrayApp
"C:\Program Files\Apple Software Update\SoftwareUpdate.exe" = C:\Program Files\Apple Software Update\SoftwareUpdate.exe:*:Disabled:Apple Software Update -- (Apple Inc.)
"C:\WINDOWS\system32\WgaTray.exe" = C:\WINDOWS\system32\WgaTray.exe:*:Disabled:Windows Genuine Advantage Notifications -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Java\Java Update\jusched.exe" = C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:Java(TM) Update Scheduler
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java(TM) Update Checker -- (Sun Microsystems, Inc.)
"C:\Program Files\LANDesk\LDClient\LDISCN32.EXE" = C:\Program Files\LANDesk\LDClient\LDISCN32.EXE:*:Enabled:Inventory Scanner for Windows
"C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.7029722626396282.exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.7029722626396282.exe:*:Enabled:0.7029722626396282
"C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.15735610579295667.exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.15735610579295667.exe:*:Enabled:0.15735610579295667
"C:\Documents and Settings\abbeyfield\Application Data\Adobe\plugs\mmc102.exe" = C:\Documents and Settings\abbeyfield\Application Data\Adobe\plugs\mmc102.exe:*:Disabled:mmc102.exe
"C:\Documents and Settings\abbeyfield\Application Data\dwm.exe" = C:\Documents and Settings\abbeyfield\Application Data\dwm.exe:*:Disabled:dwm
"C:\Documents and Settings\abbeyfield\Local Settings\Temp\csrss.exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temp\csrss.exe:*:Disabled:csrss
"C:\ComboFix\ComboFix-Download.cfxxe" = C:\ComboFix\ComboFix-Download.cfxxe:*:Enabled:ComboFix-Download
"C:\Documents and Settings\abbeyfield\Desktop\TDSSKiller.exe" = C:\Documents and Settings\abbeyfield\Desktop\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk(R) Common Base Agent 8
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BT Business Broadband Desktop Help" = BT Business Broadband Desktop Help
"BTBusinessHub" = BTBusinessHub
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Capture" = FastStone Capture 6.6
"GoToAssist" = GoToAssist Corporate
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"Spotify" = Spotify
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/08/2011 10:59:10 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 10:59:14 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 10:59:49 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:03 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:08 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:11 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:36 | Computer Name = ABEXL0002 | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
unknown, version 0.0.0.0, fault address 0x00a6f118.

Error - 11/08/2011 11:07:01 | Computer Name = ABEXL0002 | Source = SENS | ID = 0
Description =

Error - 11/08/2011 11:17:42 | Computer Name = ABEXL0002 | Source = SENS | ID = 0
Description =

Error - 12/08/2011 06:50:51 | Computer Name = ABEXL0002 | Source = SENS | ID = 0
Description =

[ OSession Events ]
Error - 16/08/2010 11:53:19 | Computer Name = ABEXL0002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/08/2011 06:54:01 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:01 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:06 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:06 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:07 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:07 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:12 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:12 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:12 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:12 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2


< End of report >

Re: Google Redirect Virus

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:

    :processes
    killallprocesses

    :OTL
    O4 - HKLM..\Run: [3170 Scan2PC] File not found
    O4 - HKLM..\Run: [Adobe ARM] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
    O4 - HKLM..\Run: [ATIPTA] File not found
    O4 - HKLM..\Run: [btbb_McciTrayApp] File not found
    O4 - HKLM..\Run: [GrooveMonitor] File not found
    O4 - HKLM..\Run: [IntelAPMClient] File not found
    O4 - HKLM..\Run: [IntelWireless] File not found
    O4 - HKLM..\Run: [IntelZeroConfig] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [LANDeskInventoryClient] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    :Files
    C:\Documents and Settings\All Users\Application Data\io60w3638q1k8bq277ggn37rb
    C:\Documents and Settings\All Users\Application Data\3708712179
    C:\Documents and Settings\abbeyfield\Local Settings\Application Data\io60w3638q1k8bq277ggn37rb
    C:\WINDOWS\System32\d3dxofz.dll
    C:\WINDOWS\Tasks\At*.job
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Google Redirect Virus

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\3170 Scan2PC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ATIPTA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\btbb_McciTrayApp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelAPMClient deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelWireless deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelZeroConfig deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LANDeskInventoryClient deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\io60w3638q1k8bq277ggn37rb moved successfully.
C:\Documents and Settings\All Users\Application Data\3708712179 moved successfully.
C:\Documents and Settings\abbeyfield\Local Settings\Application Data\io60w3638q1k8bq277ggn37rb moved successfully.
C:\WINDOWS\System32\d3dxofz.dll moved successfully.
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
C:\Documents and Settings\abbeyfield\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\abbeyfield\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
C:\Documents and Settings\abbeyfield\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\abbeyfield\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\abbeyfield\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\abbeyfield\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: abbeyfield
->Temp folder emptied: 222624710 bytes
->Temporary Internet Files folder emptied: 69746995 bytes
->Java cache emptied: 724574 bytes
->Flash cache emptied: 150424 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 69612 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 3596 bytes
->Temporary Internet Files folder emptied: 6894215 bytes
->Flash cache emptied: 1328 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 146594482 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 131640378 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3580502 bytes

Total Files Cleaned = 557.00 mb

Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: abbeyfield
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08132011_105522

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Google Redirect Virus

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.


  • Please go here, then click on: [button image: EOLS1]
  • Select the option YES, I accept the Terms of Use, then click on: [button image: EOLS2]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:


    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: [button image: EOLS3]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [button image: EOLS4]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Re: Google Redirect Virus

When I boot up the PC, each time before I reach my desktop I receive a warning pop-up box with the header:

c:\windows\system32\themeui.dll

There are also several symbols before this. This header changes each time I load up my PC.

I then need to press OK to continue; it then loads my desktop.

Here is the log from ESET scanner

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 01:48:55
# local_time=2011-08-15 02:48:55 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31969505 31969505 0 0
# compatibility_mode=8192 67108863 100 0 150 150 0 0
# scanned=1069
# found=0
# cleaned=0
# scan_time=684
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 01:55:32
# local_time=2011-08-15 02:55:32 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31970258 31970258 0 0
# compatibility_mode=8192 67108863 100 0 903 903 0 0
# scanned=1069
# found=0
# cleaned=0
# scan_time=328
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 02:53:32
# local_time=2011-08-15 03:53:32 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31970877 31970877 0 0
# compatibility_mode=8192 67108863 100 0 1522 1522 0 0
# scanned=22897
# found=17
# cleaned=0
# scan_time=3189
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0001011.com.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0008020.exe.vir Win32/TrojanClicker.VB.NMH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0008021.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\amclient.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Desktop(2).ini.vir a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\GrooveMonitor.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\ifrmewrk.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Jdp.exe a variant of Win32/Injector.HZU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\LDIScn32.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\qttask .exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\qttask.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\rasl2tp.sys.vir Win32/Rootkit.Agent.NUS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Scan2pc .exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Scan2pc.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\sdclientmonitor.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\ZCfgSvc.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\Local Settings\Application Data\AsyncCommsAgent\acxcfg90.dll a variant of Win32/Sefnit.BN trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 04:25:40
# local_time=2011-08-15 05:25:40 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31979436 31979436 0 0
# compatibility_mode=8192 67108863 100 0 10081 10081 0 0
# scanned=847
# found=0
# cleaned=0
# scan_time=158
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 04:35:28
# local_time=2011-08-15 05:35:28 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31979708 31979708 0 0
# compatibility_mode=8192 67108863 100 0 10353 10353 0 0
# scanned=1069
# found=0
# cleaned=0
# scan_time=473
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 05:42:26
# local_time=2011-08-15 06:42:26 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31980307 31980307 0 0
# compatibility_mode=8192 67108863 100 0 10952 10952 0 0
# scanned=49813
# found=18
# cleaned=0
# scan_time=3892
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0001011.com.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0008020.exe.vir Win32/TrojanClicker.VB.NMH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0008021.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\amclient.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Desktop(2).ini.vir a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\GrooveMonitor.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\ifrmewrk.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Jdp.exe a variant of Win32/Injector.HZU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\LDIScn32.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\qttask .exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\qttask.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\rasl2tp.sys.vir Win32/Rootkit.Agent.NUS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Scan2pc .exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Scan2pc.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\sdclientmonitor.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\ZCfgSvc.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\Local Settings\Application Data\AsyncCommsAgent\acxcfg90.dll a variant of Win32/Sefnit.BN trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Sefnit.BN trojan 00000000000000000000000000000000 I




Re: Google Redirect Virus
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    Code:

    :processes
    killallprocesses

    :OTL

    :Files
    C:\Documents and Settings\abbeyfield\Local Settings\Application Data\AsyncCommsAgent\acxcfg90.dll

    :Commands
    [Reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next


Update Run Malwarebytes



  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Google Redirect Virus
========== PROCESSES ==========
All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\Documents and Settings\abbeyfield\Local Settings\Application Data\AsyncCommsAgent\acxcfg90.dll not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08172011_142059

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Google Redirect Virus
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7435

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/08/2011 14:47:21
mbam-log-2011-08-17 (14-47-21).txt

Scan type: Quick scan
Objects scanned: 160860
Time elapsed: 19 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Google Redirect Virus
Smile...

Re: Google Redirect Virus
How is your computer running?

Re: Google Redirect Virus
When I boot up the PC, each time before I reach my desktop I receive a warning pop-up box with the header:

c:\windows\system32\*****(various letters and/or numbers usually followed by dll)
There are also several symbols before this. This header changes each time I load up my PC.

I then need to press OK to continue; it then loads my desktop.

System still running slowly

Re: Google Redirect Virus
Please download MySystem-Search from one of the following links:
  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.

Re: Google Redirect Virus
MySystem-Search


MSS v1.7


Basic System Information

Username: abbeyfield - Date: 23/08/2011 - Time: 17:16:38

Microsoft Windows XP [Version 5.1.2600]
Processor type: x86 Family 6 Model 13 Stepping 8, GenuineIntel
Total processors: 1
Computer Name: ABEXL0002
Logon Server: \\ABEXL0002


CD Emulation Drivers running?



Peer-to-Peer applications?



Security Tools Check

Malwarebytes' Anti-Malware
TDSSKiller


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes

PROCESS PID PRIO PATH
smss.exe 536 Normal C:\WINDOWS\System32\smss.exe
avgchsvx.exe 576 Normal C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
csrss.exe 740 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 768 High C:\WINDOWS\system32\winlogon.exe
services.exe 812 Normal C:\WINDOWS\system32\services.exe
lsass.exe 824 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 996 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1080 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1124 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1252 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1356 Normal C:\WINDOWS\system32\svchost.exe
rundll32.exe 1544 Normal C:\WINDOWS\system32\rundll32.exe
spoolsv.exe 1536 Normal C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1616 Normal C:\WINDOWS\system32\svchost.exe
avgwdsvc.exe 1660 Normal C:\Program Files\AVG\AVG10\avgwdsvc.exe
pds.exe 1732 Normal C:\WINDOWS\system32\CBA\pds.exe
svchost.exe 1852 Normal C:\WINDOWS\system32\svchost.exe
AVGIDSAgent.exe 1972 Normal C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
avgam.exe 484 Normal C:\Program Files\AVG\AVG10\avgam.exe
avgnsx.exe 500 Normal C:\Program Files\AVG\AVG10\avgnsx.exe
alg.exe 348 Normal C:\WINDOWS\System32\alg.exe
avgcsrvx.exe 1992 Normal C:\Program Files\AVG\AVG10\avgcsrvx.exe
Explorer.EXE 4040 Normal C:\WINDOWS\Explorer.EXE
hkcmd.exe 984 Normal C:\WINDOWS\system32\hkcmd.exe
igfxsrvc.exe 2132 Normal C:\WINDOWS\system32\igfxsrvc.exe
igfxpers.exe 2232 Normal C:\WINDOWS\system32\igfxpers.exe
hpztsb12.exe 2260 Normal C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
HPWuSchd2.exe 2304 Normal C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
SSMMgr.exe 2424 Normal C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
LWS.exe 296 Normal C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
avgtray.exe 2508 Normal C:\Program Files\AVG\AVG10\avgtray.exe
ctfmon.exe 2548 Normal C:\WINDOWS\system32\ctfmon.exe
hpqtra08.exe 2708 Normal C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
ONENOTEM.EXE 2860 Normal C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
CameraHelperShell.exe 2936 Normal C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
COCIManager.exe 3256 Normal C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
avgcsrvx.exe 3320 Normal C:\Program Files\AVG\AVG10\avgcsrvx.exe
hpqimzone.exe 3428 Normal C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
svchost.exe 3580 Normal C:\WINDOWS\System32\svchost.exe
avgidsmonitor.exe 3660 Normal C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
hpqSTE08.exe 3888 Normal C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
LULnchr.exe 2632 Normal C:\Program Files\Logitech\LWS\LU\LULnchr.exe
LogitechUpdate.exe 2616 Normal C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe
IEXPLORE.EXE 2696 Normal C:\Program Files\Internet Explorer\IEXPLORE.EXE
IEXPLORE.EXE 3056 Normal C:\Program Files\Internet Explorer\IEXPLORE.EXE
avgrsx.exe 3464 Normal C:\PROGRA~1\AVG\AVG10\avgrsx.exe
avgcsrvx.exe 1008 Normal C:\Program Files\AVG\AVG10\avgcsrvx.exe
IEXPLORE.EXE 3232 Normal C:\Program Files\Internet Explorer\IEXPLORE.EXE
mss.exe 1200 Normal C:\Documents and Settings\abbeyfield\Desktop\mss.exe
cmd.exe 2752 Normal C:\WINDOWS\system32\cmd.exe
pv.exe 2368 Normal C:\Documents and Settings\abbeyfield\Desktop\pv.exe


User Profile check



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xf7d9ae06
ProfileLoadTimeHigh REG_DWORD 0x1cc61ae
RefCount REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xf68be4ce
ProfileLoadTimeHigh REG_DWORD 0x1cc61ae
RefCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-725345543-602609370-1417001333-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\abbeyfield
Sid REG_BINARY 01050000000000051500000007E53B2BDA16EB2375B97554EB030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x4c6edfe
ProfileLoadTimeHigh REG_DWORD 0x1cc61af
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb


Current Scheduled Tasks

PATH: C:\Windows\Tasks

AppleSoftwareUpdate.job
OGALogon.job
desktop.ini
Nujsfzfpfq.job
SA.DAT


Windows Drivers and NT-Services

Volume in drive C is Local Disk
Volume Serial Number is 74E7-0980

Directory of C:\Windows\System32\Drivers

Volume in drive C is Local Disk
Volume Serial Number is 74E7-0980

Directory of C:\Windows\System32\Drivers

17/08/2001 13:11 96,640 b57xp32.sys
17/08/2001 14:48 12,160 mouhid.sys
17/08/2001 14:59 3,072 audstub.sys
17/03/2004 13:04 13,059 mdmxsdk.sys
17/07/2004 12:35 67,866 netwlan5.img
17/07/2004 12:36 64,352 ativmc20.cod
17/07/2004 23:55 129,045 cxthsfs2.cty
03/08/2004 23:29 327,040 ati2mtaa.sys
03/08/2004 23:29 57,856 atinbtxx.sys
03/08/2004 23:29 12,047 ati1pdxx.sys
03/08/2004 23:29 56,623 ati1btxx.sys
03/08/2004 23:29 11,615 ati1mdxx.sys
03/08/2004 23:29 13,824 atinmdxx.sys
03/08/2004 23:29 52,224 atinraxx.sys
03/08/2004 23:29 14,336 atinpdxx.sys
03/08/2004 23:29 104,960 atinrvxx.sys
03/08/2004 23:29 31,744 atinxbxx.sys
03/08/2004 23:29 28,672 atinsnxx.sys
03/08/2004 23:29 34,735 ati1xsxx.sys
03/08/2004 23:29 29,455 ati1xbxx.sys
03/08/2004 23:29 36,463 ati1tuxx.sys
03/08/2004 23:29 21,343 ati1ttxx.sys
03/08/2004 23:29 26,367 ati1snxx.sys
03/08/2004 23:29 13,824 atinttxx.sys
03/08/2004 23:29 63,488 atinxsxx.sys
03/08/2004 23:29 73,216 atintuxx.sys
03/08/2004 23:29 30,671 ati1raxx.sys
03/08/2004 23:29 63,663 ati1rvxx.sys
03/08/2004 23:29 452,736 mtxparhm.sys
03/08/2004 23:29 11,807 wadv07nt.sys
03/08/2004 23:29 11,295 wadv08nt.sys
03/08/2004 23:29 11,935 wadv11nt.sys
03/08/2004 23:29 11,871 wadv09nt.sys
03/08/2004 23:29 25,471 watv10nt.sys
03/08/2004 23:29 22,271 watv06nt.sys
03/08/2004 23:29 166,912 s3gnbm.sys
03/08/2004 23:29 1,897,408 nv4_mini.sys
03/08/2004 23:41 1,309,184 mtlstrm.sys
03/08/2004 23:41 180,360 ntmtlfax.sys
03/08/2004 23:41 13,776 recagent.sys
03/08/2004 23:41 126,686 mtlmnt5.sys
03/08/2004 23:41 129,535 slnt7554.sys
03/08/2004 23:41 404,990 slntamr.sys
03/08/2004 23:41 13,240 slwdmsup.sys
03/08/2004 23:41 95,424 slnthal.sys
03/08/2004 23:41 220,032 hsfbs2s2.sys
03/08/2004 23:41 685,056 hsfcxts2.sys
03/08/2004 23:41 1,041,536 hsfdpsp2.sys
04/08/2004 11:00 17,792 ptilink.sys
04/08/2004 11:00 352,256 atmuni.sys
04/08/2004 11:00 3,328 pciide.sys
04/08/2004 11:00 6,784 parvdm.sys
04/08/2004 11:00 3,456 oprghdlr.sys
04/08/2004 11:00 55,936 nwlnkspx.sys
04/08/2004 11:00 63,232 nwlnknb.sys
04/08/2004 11:00 12,160 fsvga.sys
04/08/2004 11:00 3,328 dxgthk.sys
04/08/2004 11:00 32,512 nwlnkfwd.sys
04/08/2004 11:00 646 gmreadme.txt
04/08/2004 11:00 51,712 tosdvd.sys
04/08/2004 11:00 12,416 nwlnkflt.sys
04/08/2004 11:00 3,440,660 gm.dls
04/08/2004 11:00 8,832 rasacd.sys
04/08/2004 11:00 12,032 ws2ifsl.sys
04/08/2004 11:00 16,512 raspti.sys
04/08/2004 11:00 21,376 tsbvcap.sys
04/08/2004 11:00 34,432 rawwan.sys
04/08/2004 11:00 4,224 beep.sys
04/08/2004 11:00 2,944 null.sys
04/08/2004 11:00 4,224 rdpcdd.sys
04/08/2004 11:00 12,032 nikedrv.sys
04/08/2004 11:00 11,648 acpiec.sys
04/08/2004 11:00 12,032 rio8drv.sys
04/08/2004 11:00 12,032 riodrv.sys
04/08/2004 11:00 5,888 rootmdm.sys
04/08/2004 11:00 13,952 cbidf2k.sys
04/08/2004 11:00 58,112 vdmindvd.sys
04/08/2004 11:00 18,688 cdaudio.sys
04/08/2004 11:00 4,736 usbd.sys
04/08/2004 11:00 10,496 dxapi.sys
04/08/2004 11:00 4,352 wmilib.sys
04/08/2004 11:00 4,224 mnmdd.sys
04/08/2004 11:00 5,888 dmload.sys
04/08/2004 11:00 14,592 smclib.sys
04/08/2004 11:00 262,528 cinemst2.sys
04/08/2004 11:00 7,936 fs_rec.sys
04/08/2004 11:00 7,680 mcd.sys
04/08/2004 11:00 31,360 atmepvc.sys
04/08/2004 11:00 11,776 cpqdap01.sys
04/08/2004 11:00 125,056 ftdisk.sys
04/08/2004 11:00 32,896 ipfltdrv.sys
13/12/2004 22:14 39,904 cercsr6.sys
11/01/2005 14:18 800,768 ati2mtag.sys
10/03/2005 17:56 273,168 STAC97.sys
03/05/2005 12:56 129,405 del1028.cty
03/05/2005 16:08 705,408 HSF_CNXT.sys
03/05/2005 16:08 208,384 HSFHWICH.sys
03/05/2005 16:09 1,033,728 HSF_DPV.SYS
01/07/2005 16:48 11,904 ldblank.sys
01/07/2005 16:48 3,712 mirrorflt.sys
01/07/2005 16:48 3,328 ldmirror.sys
19/08/2005 03:00 2,560 cdralw2k.sys
19/08/2005 03:00 46,080 pxhelp20.sys
19/08/2005 03:00 2,432 cdr4_xp.sys
14/10/2005 16:15 1,302,812 ialmnt5.sys
13/04/2006 01:04 16,496 HPZipr12.sys
13/04/2006 01:04 21,568 HPZius12.sys
13/04/2006 01:04 49,664 HPZid412.sys
28/09/2006 19:55 77,568 WudfPf.sys
28/09/2006 20:00 82,944 WudfRd.sys
18/10/2006 21:00 38,528 wpdusb.sys
18/01/2007 11:24 26,496 RimSerial.sys
08/02/2007 14:51 2,209,408 w29n51.sys
21/02/2007 12:16 12,416 s24trans.sys
13/04/2008 17:36 144,384 hdaudbus.sys
13/04/2008 17:39 20,480 secdrv.sys
13/04/2008 17:39 142,592 aec.sys
13/04/2008 18:45 15,104 usbscan.sys
13/04/2008 19:31 35,840 processr.sys
13/04/2008 19:31 42,752 p3.sys
13/04/2008 19:31 37,376 amdk6.sys
13/04/2008 19:31 36,352 intelppm.sys
13/04/2008 19:31 36,736 crusoe.sys
13/04/2008 19:31 37,760 amdk7.sys
13/04/2008 19:32 66,048 udfs.sys
13/04/2008 19:32 30,848 npfs.sys
13/04/2008 19:32 19,072 msfs.sys
13/04/2008 19:32 180,608 mrxdav.sys
13/04/2008 19:32 196,224 rdpdr.sys
13/04/2008 19:32 129,792 fltmgr.sys
13/04/2008 19:33 44,544 fips.sys
13/04/2008 19:34 163,584 nwrdr.sys
13/04/2008 19:36 14,208 battc.sys
13/04/2008 19:36 5,888 smbali.sys
13/04/2008 19:36 187,776 acpi.sys
13/04/2008 19:36 13,952 cmbatt.sys
13/04/2008 19:36 10,240 compbatt.sys
13/04/2008 19:36 42,368 agp440.sys
13/04/2008 19:36 42,752 alim1541.sys
13/04/2008 19:36 43,008 amdagp.sys
13/04/2008 19:36 44,928 agpcpq.sys
13/04/2008 19:36 40,960 sisagp.sys
13/04/2008 19:36 42,240 viaagp.sys
13/04/2008 19:36 44,672 uagp35.sys
13/04/2008 19:36 46,464 gagp30kx.sys
13/04/2008 19:36 63,744 mf.sys
13/04/2008 19:36 37,248 isapnp.sys
13/04/2008 19:36 120,192 pcmcia.sys
13/04/2008 19:36 68,224 pci.sys
13/04/2008 19:36 79,232 sdbus.sys
13/04/2008 19:36 15,488 mssmbios.sys
13/04/2008 19:36 73,472 sr.sys
13/04/2008 19:38 71,168 dxg.sys
13/04/2008 19:39 92,544 mqac.sys
13/04/2008 19:39 42,368 mountmgr.sys
13/04/2008 19:39 384,768 update.sys
13/04/2008 19:39 24,576 kbdclass.sys
13/04/2008 19:39 23,040 mouclass.sys
13/04/2008 19:39 14,592 kbdhid.sys
13/04/2008 19:39 5,504 MSTEE.sys
13/04/2008 19:39 5,376 mspclock.sys
13/04/2008 19:39 4,992 mspqm.sys
13/04/2008 19:39 7,552 mskssrv.sys
13/04/2008 19:39 4,352 swenum.sys
13/04/2008 19:40 80,128 parport.sys
13/04/2008 19:40 15,744 serenum.sys
13/04/2008 19:40 20,480 flpydisk.sys
13/04/2008 19:40 27,392 fdc.sys
13/04/2008 19:40 57,600 redbook.sys
13/04/2008 19:40 5,504 intelide.sys
13/04/2008 19:40 24,960 pciidex.sys
13/04/2008 19:40 96,384 scsiport.sys
13/04/2008 19:40 96,512 atapi.sys
13/04/2008 19:40 14,208 diskdump.sys
13/04/2008 19:40 62,976 cdrom.sys
13/04/2008 19:40 11,904 sffdisk.sys
13/04/2008 19:40 36,352 disk.sys
13/04/2008 19:40 11,008 sffp_sd.sys
13/04/2008 19:40 10,240 sffp_mmc.sys
13/04/2008 19:40 11,392 sfloppy.sys
13/04/2008 19:40 19,712 partmgr.sys
13/04/2008 19:40 14,976 tape.sys
13/04/2008 19:40 42,112 imapi.sys
13/04/2008 19:41 52,352 volsnap.sys
13/04/2008 19:43 14,208 wacompen.sys
13/04/2008 19:43 12,672 mutohpen.sys
13/04/2008 19:44 81,664 videoprt.sys
13/04/2008 19:44 20,992 vga.sys
13/04/2008 19:44 153,344 dmio.sys
13/04/2008 19:44 799,744 dmboot.sys
13/04/2008 19:45 52,864 dmusic.sys
13/04/2008 19:45 6,272 splitter.sys
13/04/2008 19:45 172,416 kmixer.sys
13/04/2008 19:45 56,576 swmidi.sys
13/04/2008 19:45 60,032 USBAUDIO.sys
13/04/2008 19:45 2,944 drmkaud.sys
13/04/2008 19:45 60,160 drmk.sys
13/04/2008 19:45 49,408 stream.sys
13/04/2008 19:45 24,960 hidparse.sys
13/04/2008 19:45 19,200 hidir.sys
13/04/2008 19:45 36,864 hidclass.sys
13/04/2008 19:45 10,368 hidusb.sys
13/04/2008 19:45 46,592 irbus.sys
13/04/2008 19:45 20,608 usbuhci.sys
13/04/2008 19:45 30,208 usbehci.sys
13/04/2008 19:45 143,872 usbport.sys
13/04/2008 19:45 59,520 usbhub.sys
13/04/2008 19:45 26,368 usbstor.sys
13/04/2008 19:45 32,128 usbccgp.sys
13/04/2008 19:45 25,600 usbcamd.sys
13/04/2008 19:45 25,728 usbcamd2.sys
13/04/2008 19:45 15,872 usbintel.sys
13/04/2008 19:46 25,344 sonydcam.sys
13/04/2008 19:46 121,984 usbvideo.sys
13/04/2008 19:46 10,880 NdisIP.sys
13/04/2008 19:46 15,232 StreamIP.sys
13/04/2008 19:46 11,136 SLIP.sys
13/04/2008 19:46 17,024 CCDECODE.sys
13/04/2008 19:46 19,200 WSTCODEC.SYS
13/04/2008 19:46 85,248 NABTSFEC.sys
13/04/2008 19:46 18,944 bthusb.sys
13/04/2008 19:46 25,600 hidbth.sys
13/04/2008 19:46 36,480 bthprint.sys
13/04/2008 19:46 59,136 rfcomm.sys
13/04/2008 19:46 17,024 bthenum.sys
13/04/2008 19:46 37,888 bthmodem.sys
13/04/2008 19:47 25,856 usbprint.sys
13/04/2008 19:51 61,824 nic1394.sys
13/04/2008 19:51 59,904 atmarpc.sys
13/04/2008 19:51 60,800 arp1394.sys
13/04/2008 19:51 55,808 atmlane.sys
13/04/2008 19:51 101,120 bthpan.sys
13/04/2008 19:53 40,320 nmnt.sys
13/04/2008 19:53 71,552 bridge.sys
13/04/2008 19:53 36,608 ip6fw.sys
13/04/2008 19:54 11,264 irenum.sys
13/04/2008 19:55 14,592 ndisuio.sys
13/04/2008 19:56 12,288 tunmp.sys
13/04/2008 19:56 34,688 netbios.sys
13/04/2008 19:56 88,320 nwlnkipx.sys
13/04/2008 19:56 35,072 msgpc.sys
13/04/2008 19:56 69,120 psched.sys
13/04/2008 19:56 12,800 usb8023x.sys
13/04/2008 19:56 12,800 usb8023.sys
13/04/2008 19:56 30,592 rndismpx.sys
13/04/2008 19:56 30,592 rndismp.sys
13/04/2008 19:57 20,864 ipinip.sys
13/04/2008 19:57 152,832 ipnat.sys
13/04/2008 19:57 34,560 wanarp.sys
13/04/2008 19:57 10,112 ndistapi.sys
13/04/2008 19:57 14,336 asyncmac.sys
13/04/2008 19:57 41,472 raspppoe.sys
13/04/2008 20:00 19,072 tdi.sys
13/04/2008 20:00 30,080 modem.sys
13/04/2008 20:14 63,744 cdfs.sys
13/04/2008 20:14 143,744 fastfat.sys
13/04/2008 20:15 64,512 serial.sys
13/04/2008 20:15 574,976 ntfs.sys
13/04/2008 20:15 60,800 sysaudio.sys
13/04/2008 20:16 49,536 classpnp.sys
13/04/2008 20:16 141,056 ks.sys
13/04/2008 20:17 83,072 wdmaud.sys
13/04/2008 20:18 52,480 i8042prt.sys
13/04/2008 20:19 75,264 ipsec.sys
13/04/2008 20:19 146,048 portcls.sys
13/04/2008 20:19 51,328 rasl2tp.svs
13/04/2008 20:19 48,384 raspptp.sys
13/04/2008 20:20 182,656 ndis.sys
13/04/2008 20:20 91,520 ndiswan.sys
13/04/2008 20:21 162,816 netbt.sys
13/04/2008 20:28 175,744 rdbss.sys
14/04/2008 01:11 4,255 adv01nt5.dll
14/04/2008 01:11 3,711 adv09nt5.dll
14/04/2008 01:11 3,967 adv02nt5.dll
14/04/2008 01:11 3,135 adv08nt5.dll
14/04/2008 01:11 3,615 adv05nt5.dll
14/04/2008 01:11 3,775 adv11nt5.dll
14/04/2008 01:11 3,647 adv07nt5.dll
14/04/2008 01:11 17,279 atv10nt5.dll
14/04/2008 01:11 14,143 atv06nt5.dll
14/04/2008 01:11 25,471 atv04nt5.dll
14/04/2008 01:11 11,359 atv02nt5.dll
14/04/2008 01:11 21,183 atv01nt5.dll
14/04/2008 01:11 15,423 ch7xxnt5.dll
14/04/2008 01:12 3,901 siint5.dll
14/04/2008 01:12 11,325 vchnt5.dll
14/04/2008 01:13 40,840 termdd.sys
14/04/2008 01:13 12,040 tdpipe.sys
14/04/2008 01:13 21,896 tdtcp.sys
14/04/2008 01:13 139,656 rdpwd.sys
08/05/2008 15:02 203,136 rmcast.sys
13/06/2008 12:05 272,128 bthport.sys
20/06/2008 12:51 361,600 tcpip.sys
24/11/2008 15:57 disdn
24/11/2008 17:38 21,425 AegisP.sys
26/11/2008 13:22 UMDF
25/03/2009 12:44 38,400 DgivEcp.sys
24/06/2009 12:18 92,928 ksecdd.sys
20/10/2009 17:20 265,728 http.sys
11/02/2010 13:02 226,880 tcpip6.sys
07/05/2010 19:29 69,592 LVFaL100.cfg
07/05/2010 19:30 227,172 LVFeL100.cfg
07/05/2010 19:30 146,680 LVFeL101.cfg
07/05/2010 19:30 85,302 LVFeL102.cfg
07/05/2010 19:43 25,824 LVPr2Mon.sys
07/05/2010 19:46 14,168 iKeyLFT2.dll
14/05/2010 22:47 266,828 LVAFT.cfg
14/05/2010 23:02 114,784 lvpopflt.sys
14/05/2010 23:02 276,448 lvrs.sys
14/05/2010 23:04 6,842,592 lvuvc.sys
14/05/2010 23:04 23,904 lvuvcflt.sys
02/11/2010 16:17 40,960 ndproxy.sys
09/11/2010 12:40 0 logiflt.iad
07/01/2011 06:41 248,656 avgldx86.sys
10/02/2011 07:53 24,144 AVGIDSFilter.sys
10/02/2011 07:53 27,216 AVGIDSShim.sys
16/02/2011 14:22 138,496 afd.sys
17/02/2011 14:18 357,888 srv.sys
22/02/2011 08:13 22,992 AVGIDSEH.sys
01/03/2011 14:25 34,896 avgmfx86.sys
16/03/2011 16:03 32,592 avgrkx86.sys
05/04/2011 00:59 297,168 avgtdix.sys
14/04/2011 21:28 134,480 AVGIDSDriver.sys
21/04/2011 14:37 105,472 mup.sys
29/04/2011 17:19 456,320 mrxsmb.sys
26/06/2011 17:56 54,016 cssfx.sys
06/07/2011 19:52 41,272 mbamswissarmy.sys
06/07/2011 19:52 22,712 mbam.sys
12/07/2011 20:44 54,016 irnfrnvp.sys
13/07/2011 11:49 54,016 xucneurc.sys
15/07/2011 21:18 51,328 rasl2tp.sys
13/08/2011 10:55 etc
15/08/2011 21:30 ..
15/08/2011 21:30 .
23/08/2011 14:44 AVG
329 File(s) 42,113,196 bytes
6 Dir(s) 39,485,743,104 bytes free


Stealth malware?


Internet Explorer


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x0
EnableNegotiate REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0xa0
PrivDiscUiShown REG_DWORD 0x1
ZonesSecurityUpgradeDone REG_DWORD 0x1
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x0
EnableAutodial REG_DWORD 0x0
ZonesSecurityUpgrade REG_BINARY E716BA6B6FB1CA01
SyncMode5 REG_DWORD 0x4
GlobalUserOffline REG_DWORD 0x0
maxhttpredirects REG_DWORD 0x270f
5 REG_BINARY 2D422A4C6459AC4BBEF3D26317BD506EE6B7F8F25D8050D8FD01D5545A6E42DE91E2381B53EE07A15E69B246087E345F977FF98178F8C4B155DBDB5C4F13
2 REG_BINARY FAD7E47B3EA4A4A6C9EF5A54B5921DEFB870F4C1810A31E351F8AA3D590AFF9067CDBA2D979C2825B2A55D5757F7712998216D364C24AB445F24C1BDBF
7 REG_BINARY EE90C15DD877EA48494607B1B2F5F9F4E041F7EF
8 REG_BINARY 8B2BFF6D8DCAB99510961FBB37B9A7F186F6A3070ACB63AB37D4E9A64456B2CF2DEE177964581F757066477935D9757EEE18FFBF01980BC7842906EA1485
1 REG_BINARY FFEDF0C3F0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck REG_DWORD 0x1
NoJITSetup REG_DWORD 0x1
Disable Script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ https://csg.abbeyfield.com/http/webgateway/Citrix/AccessPlatform1/auth/silentDetection.aspx
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6E0000006E0000008E030000AA020000
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
AlwaysShowMenus REG_DWORD 0x1
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0x0
SearchMigrated REG_DWORD 0x1
Use FormSuggest REG_SZ no
NotifyDownloadComplete REG_SZ yes
Friendly http errors REG_SZ yes
FormSuggest PW Ask REG_SZ no
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY D832729FD4BACA01
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY D95769A670B1CA01
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY 5A9261BFD4BACA01
FormSuggest Passwords REG_SZ no
HistoryViewType REG_BINARY 0000
Use Search Asst REG_SZ no
AutoHide REG_SZ yes
Use Custom Search URL REG_DWORD 0x0
AutoSearch REG_DWORD 0x4
Start Page Restore REG_SZ https://csg.abbeyfield.com/
DisableScriptDebuggerIE REG_SZ yes
Error Dlg Displayed On Every Error REG_SZ no

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant REG_SZ http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=74e7098000000000000000166f634dee&tlver=1.4.19.19&affID=17162
CustomizeSearch REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Shareaza

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Capture Selection

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Save as HTML

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Save Selected Text

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Web Capture


Security Center


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirstRunDisabled REG_DWORD 0x1
AntiVirusDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x1
FirewallOverride REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

Re: Google Redirect Virus

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\WINDOWS\system32\cba\pds.exe REG_SZ C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service
C:\WINDOWS\system32\msgsys.exe REG_SZ C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service
C:\Program Files\LANDesk\LDClient\issuser.exe REG_SZ C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
C:\Program Files\Spotify\spotify.exe REG_SZ C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
C:\WINDOWS\twain_32\Samsung\ScanMgr.exe REG_SZ C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger
C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe REG_SZ C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC
C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe REG_SZ C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO
C:\Program Files\Internet Explorer\iexplore.exe REG_SZ C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
C:\Program Files\VideoLAN\VLC\vlc.exe REG_SZ C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
C:\Documents and Settings\abbeyfield\Local Settings\Temporary Internet Files\Content.IE5\9IU4HVG9\PDFConverterSetup[1].exe REG_SZ C:\Documents and Settings\abbeyfield\Local Settings\Temporary Internet Files\Content.IE5\9IU4HVG9\PDFConverterSetup[1].exe:*:Enabled:InstallCore™
C:\Program Files\SamsungPrinterLiveUpdate\SP_Connector.exe REG_SZ C:\Program Files\SamsungPrinterLiveUpdate\SP_Connector.exe:*:Disabled:Samsung Printer Connector
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprbUpdate.exe REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprbUpdate.exe:*:Disabled:Hewlett-Packard Product Assistant
C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe REG_SZ C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client
C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe REG_SZ C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe:*:Disabled:Logitech Updater
C:\WINDOWS\explorer.exe REG_SZ C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer
C:\Program Files\Citrix\ICA Client\wfica32.exe REG_SZ C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix Client Engine
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpBrowser.exe REG_SZ C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Disabled:mcci+McciBrowser
C:\Program Files\Common Files\Java\Java Update\jaucheck.exe REG_SZ C:\Program Files\Common Files\Java\Java Update\jaucheck.exe:*:Enabled:Java(TM) Update Client Checker
C:\Program Files\Java\jre6\bin\javaw.exe REG_SZ C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
C:\Program Files\Windows Media Player\wmplayer.exe REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe REG_SZ C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe:*:Enabled:Adobe Reader and Acrobat Manager
C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe REG_SZ C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Disabled:mcci+McciTrayApp
C:\Program Files\Apple Software Update\SoftwareUpdate.exe REG_SZ C:\Program Files\Apple Software Update\SoftwareUpdate.exe:*:Disabled:Apple Software Update
C:\WINDOWS\system32\WgaTray.exe REG_SZ C:\WINDOWS\system32\WgaTray.exe:*:Disabled:Windows Genuine Advantage Notifications
C:\Program Files\Java\jre6\bin\java.exe REG_SZ C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary
C:\Program Files\Common Files\Java\Java Update\jusched.exe REG_SZ C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:Java(TM) Update Scheduler
C:\Program Files\Common Files\Java\Java Update\jucheck.exe REG_SZ C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java(TM) Update Checker
C:\Program Files\LANDesk\LDClient\LDISCN32.EXE REG_SZ C:\Program Files\LANDesk\LDClient\LDISCN32.EXE:*:Enabled:Inventory Scanner for Windows
C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.7029722626396282.exe REG_SZ C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.7029722626396282.exe:*:Enabled:0.7029722626396282
C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.15735610579295667.exe REG_SZ C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.15735610579295667.exe:*:Enabled:0.15735610579295667
C:\Documents and Settings\abbeyfield\Application Data\Adobe\plugs\mmc102.exe REG_SZ C:\Documents and Settings\abbeyfield\Application Data\Adobe\plugs\mmc102.exe:*:Disabled:mmc102.exe
C:\Documents and Settings\abbeyfield\Application Data\dwm.exe REG_SZ C:\Documents and Settings\abbeyfield\Application Data\dwm.exe:*:Disabled:dwm
C:\Documents and Settings\abbeyfield\Local Settings\Temp\csrss.exe REG_SZ C:\Documents and Settings\abbeyfield\Local Settings\Temp\csrss.exe:*:Disabled:csrss
C:\ComboFix\ComboFix-Download.cfxxe REG_SZ C:\ComboFix\ComboFix-Download.cfxxe:*:Enabled:ComboFix-Download
C:\Documents and Settings\abbeyfield\Desktop\TDSSKiller.exe REG_SZ C:\Documents and Settings\abbeyfield\Desktop\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool
C:\Program Files\LANDesk\Shared Files\residentagent.exe REG_SZ C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent
C:\Program Files\AVG\AVG10\avgdiagex.exe REG_SZ C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011
C:\Program Files\AVG\AVG10\avgnsx.exe REG_SZ C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield
C:\Program Files\AVG\AVG10\avgmfapx.exe REG_SZ C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
C:\Program Files\AVG\AVG10\avgam.exe REG_SZ C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager
C:\Program Files\AVG\AVG10\avgemcx.exe REG_SZ C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner


Uninstall List


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\All ATI Software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BT Business Broadband Desktop Help

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BTBusinessHub

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ESET Online Scanner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FastStone Capture

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoToAssist

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Document Viewer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo & Imaging

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPExtendedCapabilities

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPOCR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2079403

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2115168

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2121546

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2141007

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2158563

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2160329

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2183461-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2229593

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2259922

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2279986

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2286198

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2296011

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2296199

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2345886

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2347290

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2360131-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2360937

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2378111_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2387149

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2393802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2412687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2416400-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2419632

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2423089

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2436673

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2440591

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2443105

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2443685

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2467659

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2476490

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2476687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2478960

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2478971

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2479628

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2479943

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2481109

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2482017-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2483185

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2485376

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2485663

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2497640-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2503658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2503665

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2506212

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2506223

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2507618

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2507938

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2508272

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2508429

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2509553

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2510531-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2511455

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2524375

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2530548-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2535512

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2536276

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2541763

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2544521-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2544893

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2555917

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923789

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931906

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938127-v2-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB943729

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951072-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951698

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954211

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954459

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956390-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956391

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956841

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957095

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958215-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958690

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959772_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225


Re: Google Redirect Virus

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall


Adobe Products


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.2.159.1
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x2
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -maintain activex
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
EstimatedSize REG_DWORD 0x1800


Autorun


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SDClientMonitor REG_SZ "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
HPDJ Taskbar Utility REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
HP Software Update REG_SZ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Samsung PanelMgr REG_SZ C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
LWS REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask .exe" -atboottime
AVG_TRAY REG_SZ C:\Program Files\AVG\AVG10\avgtray.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


Restrictions - Internet Explorer



Restrictions - REGEDIT


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
disableregistrytools REG_DWORD 0x0


Restrictions - Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer


DNS Settings


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{23D57F0F-4681-4BC1-B8E5-8CA29E2F9EF0}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5475EAA6-C226-4FCE-9128-23A544A5C336}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6DE79B38-9EBD-4E00-B6F1-B4BC6EDD8C0C}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ED1BB0A-4EDF-4142-B38B-C5B134631AC8}


Windows IP Configuration



Host Name . . . . . . . . . . . . : ABEXL0002

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-16-6F-63-4D-EE

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.64

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : 23 August 2011 17:09:09

Lease Expires . . . . . . . . . . : 24 August 2011 17:09:09



AppInit DLLs



Shell Service Object Delay Load


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5}



Shell Execute Hooks


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook


Image File Execution Options


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE


Security Providers



Local Security Authority

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
LsaPid REG_DWORD 0x338
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AVGSE.DLL
REG_SZ C:\Program Files\AVG\AVG10\avgse.dll
Menu1 REG_SZ Scan with &AVG
Help1 REG_SZ Scan against viruses with AVG

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\C-Major
Path REG_SZ C:\Program Files\SigmaTel\C-Major Audio
REG_SZ C:\Program Files\SigmaTel\C-Major Audio\C-Major

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CameraHelperShell.exe
REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
REG_SZ C:\WINDOWS\system32\cmmgr32.exe
Path REG_SZ C:\WINDOWS\system32
CmstpExtensionDll REG_SZ C:\WINDOWS\system32\cmcfg32.dll
CMInternalVersion REG_SZ 1.2
CmNative REG_DWORD 0x1
ProfilesUpgraded REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
REG_SZ C:\Documents and Settings\abbeyfield\Desktop\Commy.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
REG_SZ C:\Program Files\NetMeeting\conf.exe
Path REG_SZ C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ControlPanel.exe
Path REG_SZ C:\Program Files\SmarThru 4
REG_SZ C:\Program Files\SmarThru 4\ControlPanel.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
REG_SZ C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\FSCapture.exe
REG_SZ C:\Program Files\FastStone Capture\FSCapture.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GROOVE.EXE
REG_SZ C:\PROGRA~1\MICROS~4\Office12\GROOVE.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
REG_EXPAND_SZ %Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqApkil.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\;C:\Program Files\Hewlett-Packard\Digital Imaging\bin
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqApkil.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqDIA.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqDIAS.exe
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIAS.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqgalry.exe
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqimzone.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\;C:\Program Files\Common Files\HP\Digital Imaging\bin
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqisc01.exe
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqisc01.exe
Path REG_SZ C:\Program Files\Common Files\HP\Digital Imaging\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqise01.exe
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqise01.exe
Path REG_SZ C:\Program Files\Common Files\HP\Digital Imaging\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqpanos.exe
Path REG_SZ C:\Program Files\Common Files\HP\Digital Imaging\Bin
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpanos.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqPhUnl.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqPSmon.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\;C:\Program Files\Hewlett-Packard\Digital Imaging\bin
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPSmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqpsxp.exe
Path REG_SZ C:\Program Files\Common Files\HP\Digital Imaging\Bin
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsxp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqqpawp.exe
Path REG_SZ C:\Program Files\Common Files\HP\Digital Imaging\Bin
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqqpawp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqthb08.exe
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqUnSet.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqUnSet.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpquph.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpquph.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqvpswp.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqvpswp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqXfer.exe
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqXfer.exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
REG_SZ "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ImageEditor.exe
Path REG_SZ C:\Program Files\SmarThru 4
REG_SZ C:\Program Files\SmarThru 4\ImageEditor.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\infopath.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\INFOPATH.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe
Path REG_SZ "C:\Program Files\Common Files\Motive\InstallHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\BTHelpBrowser.exe
Path REG_SZ "C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpBrowser.exe"
VendorNeutral REG_SZ false
Unregister REG_SZ false

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\BTHelpBrowser.exe\btbb

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\BTHelpNotifier.exe
Path REG_SZ "C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe"
VendorNeutral REG_SZ false
Unregister REG_SZ false

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\BTHelpNotifier.exe\btbb

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ICSWirelessManagerApp.dll
Path REG_SZ "C:\Program Files\Common Files\Motive\ICSWirelessManagerApp.dll"
VendorNeutral REG_SZ true

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ICSWirelessManagerApp.dll\btbb

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\InstallHelper.exe
Path REG_SZ "C:\Program Files\Common Files\Motive\InstallHelper.exe"
VendorNeutral REG_SZ true
Unregister REG_SZ false

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\InstallHelper.exe\btbb

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ipworks6.dll
Path REG_SZ "C:\Program Files\Common Files\Motive\ipworks6.dll"
VendorNeutral REG_SZ true
Unregister REG_SZ false

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ipworks6.dll\btbb

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ipwssl6.dll
Path REG_SZ "C:\Program Files\Common Files\Motive\ipwssl6.dll"
VendorNeutral REG_SZ true
Unregister REG_SZ false

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ipwssl6.dll\btbb

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciAppsHelper.exe
Path REG_SZ "C:\Program Files\Common Files\Motive\McciAppsHelper.exe"
VendorNeutral REG_SZ true
Unregister REG_SZ false

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciAppsHelper.exe\btbb

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciAppsX.dll
Path REG_SZ "C:\Program Files\Common Files\Motive\McciAppsX.dll"
VendorNeutral REG_SZ true


Re: Google Redirect Virus

Last one...............


Entry217 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\OfflineDispatcher\\OnlineInitURL
Entry218 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\OfflineDispatcher\\SkipDispatcherFlowIds
Entry219 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\OfflineDispatcher\\CSMDispatcherFlowIds
Entry220 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\OfflineDispatcher\\ProxyTestTimeoutInSec
Entry221 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\OfflineDispatcher\\AllowCookieDomains
Entry222 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\OfflineDispatcher\\TargetFlowAfterConnFail
Entry223 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\OfflineDispatcher\\SolutionContext
Entry224 REG_SZ HKLM\SOFTWARE\Motive\Rainier\McciContext\\Processor
Entry225 REG_SZ HKLM\SOFTWARE\Motive\Rainier\McciContext\Detectors\\WIN32HOOK
Entry226 REG_SZ HKLM\SOFTWARE\Motive\Rainier\McciContext\Detectors\\MSEMAIL
Entry227 REG_SZ HKLM\SOFTWARE\Motive\Rainier\McciContext\Detectors\\WINDOW
Entry228 REG_SZ HKLM\SOFTWARE\Motive\Rainier\McciContext\Detectors\\WIN32HOOKSVC
Entry229 REG_SZ HKLM\SOFTWARE\Motive\Rainier\McciContext\Detectors\Delimiters\\btbb
Entry230 REG_SZ HKLM\SOFTWARE\Motive\Rainier\McciContext\Detectors\Outlook Dialog\\btbb
Entry231 REG_SZ HKLM\SOFTWARE\Motive\Rainier\McciContext\Detectors\Visible\\btbb
Entry232 REG_SZ HKLM\SOFTWARE\Motive\Rainier\McciContext\btbb\\Alerts Location
Entry233 REG_SZ HKLM\SOFTWARE\Motive\Rainier\McciContext\btbb\\AnimationSpeed
Entry234 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\\TimerInterval
Entry235 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\\ShowTrayIcon
Entry236 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\IconStates\0\\Icon
Entry237 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\IconStates\0\\ToolTip
Entry238 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\0\\ProgID
Entry239 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\0\\Target
Entry240 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\0\\Container
Entry241 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\0\\ShowContainer
Entry242 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\0\\MenuItemAction
Entry243 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\0\\MenuItemText
Entry244 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\1\\ProgID
Entry245 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\1\\Target
Entry246 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\1\\Container
Entry247 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\1\\ShowContainer
Entry248 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\1\\ParameterData
Entry249 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\1\\BlackoutID
Entry250 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\1\\MenuItemAction
Entry251 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\1\\MenuItemText
Entry252 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\2\\ProgID
Entry253 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\2\\Target
Entry254 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\2\\Container
Entry255 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\2\\ShowContainer
Entry256 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\2\\ParameterData
Entry257 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\2\\MenuItemAction
Entry258 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\2\\MenuItemText
Entry259 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\3\\ProgID
Entry260 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\3\\MenuItemAction
Entry261 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\3\\MenuItemText
Entry262 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\4\\Container
Entry263 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\4\\MenuItemAction
Entry264 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\4\\MenuItemText
Entry265 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\4\\ProgID
Entry266 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\4\\ShowContainer
Entry267 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\4\\Target
Entry268 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\5\\BlackoutID
Entry269 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\5\\MenuItemAction
Entry270 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\5\\MenuItemText
Entry271 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\5\\ProgID
Entry272 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\5\\Target
Entry273 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\5\\Container
Entry274 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\5\\ShowContainer
Entry275 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\5\\ParameterData
Entry276 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\6\\BlackoutID
Entry277 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\6\\MenuItemAction
Entry278 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\6\\MenuItemText
Entry279 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\6\\ProgID
Entry280 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\6\\Target
Entry281 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\6\\Container
Entry282 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\6\\ShowContainer
Entry283 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\6\\ParameterData
Entry284 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\7\\BlackoutID
Entry285 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\7\\MenuItemAction
Entry286 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\7\\MenuItemText
Entry287 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\7\\ProgID
Entry288 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\7\\Target
Entry289 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\7\\Container
Entry290 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\7\\ShowContainer
Entry291 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\7\\ParameterData
Entry292 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\8\\Container
Entry293 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\8\\MenuItemAction
Entry294 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\8\\MenuItemText
Entry295 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\8\\ProgID
Entry296 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\8\\ShowContainer
Entry297 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\8\\Target
Entry298 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\9\\BlackoutID
Entry299 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\9\\Container
Entry300 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\9\\MenuItemAction
Entry301 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\9\\MenuItemText
Entry302 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\9\\ProgID
Entry303 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\9\\ShowContainer
Entry304 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\9\\Target
Entry305 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\BlackoutControl\0\\FailSafeInterval
Entry306 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\BlackoutControl\1\\FailSafeInterval
Entry307 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\BlackoutControl\2\\FailSafeInterval
Entry308 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\BlackoutControl\3\\FailSafeInterval
Entry309 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\BlackoutControl\4\\FailSafeInterval
Entry310 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\PersistentTasks\0\\ProgID
Entry311 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\PersistentTasks\0\\PersistentTaskName
Entry312 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\UninstallTracking\\TargetURL
Entry313 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\UninstallTracking\\MaxRetries
Entry314 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\UninstallTracking\\RetryIntervalMinutes
Entry315 REG_SZ HKLM\Software\Motive\Rainier\btbb\AppData\Registration\\attr_BuildVersion
Entry316 REG_SZ HKLM\Software\Motive\Rainier\btbb\AppData\Registration\\attr_clienttype
Entry317 REG_SZ HKLM\SOFTWARE\Motive\Rainier\Config\btbb\McciSM\TrustedSigners\Motive Inc\\
Entry318 REG_SZ HKLM\SOFTWARE\Motive\Rainier\Config\btbb\McciSM\TrustedSigners\British Telecommunications Plc\\
Entry319 REG_SZ HKCU\Software\Motive\btbb\ATS\\CollectAutoTelemetry
Entry320 REG_SZ HKCU\SOFTWARE\Motive\Telco\btbb\Install\\InstallFix03
Entry321 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\\AppPath
Entry322 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciBrowser\\AppPath
Entry323 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\\Agent Path
Entry324 REG_SZ HKLM\SOFTWARE\Motive\Rainier\Config\btbb\McciSM\TrustedContainers\BTHelpBrowser.exe\\AppPath
Entry325 REG_SZ HKLM\SOFTWARE\Motive\Rainier\Config\btbb\McciSM\TrustedContainers\BTHelpNotifier.exe\\AppPath
Entry326 REG_SZ HKLM\Software\Motive\Rainier\btbb\AppData\Registration\\attr_BuildVersion
Entry327 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\McciTrayApp\CustomActions\\RelativeScriptPath
Entry328 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb\\Current OCB ID
Entry329 REG_SZ HKLM\SOFTWARE\Motive\Rainier\btbb_portal\\Current OCB ID
Entry330 REG_SZ HKLM\SOFTWARE\Motive\Telco\btbb\servers\\www
Entry331 REG_SZ HKLM\SOFTWARE\Motive\Telco\btbb\servers\\wellknown
Entry332 REG_SZ HKLM\SOFTWARE\Motive\Telco\btbb\servers\\motive
Entry333 REG_SZ HKLM\Software\Motive\Rainier\btbb\AppData\Registration\\attr_BuildVersion
Entry334 REG_SZ HKLM\Software\Motive\Rainier\btbb\InstalledBundles\\AXB.exe
Entry335 REG_SZ HKLM\Software\Motive\Rainier\btbb\InstalledBundles\\CDB.exe
Entry336 REG_SZ HKLM\Software\Motive\Rainier\btbb\InstalledBundles\\AGB.exe
Entry337 REG_SZ HKLM\Software\Motive\Rainier\btbb\InstalledBundles\\OCB.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Launcher_main.exe
REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\Launcher_Main.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ldiscn32.exe
REG_SZ C:\Program Files\LANDesk\LDClient\ldiscn32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LogitechDiagnosticTool.exe
REG_SZ C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\Acme.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LWS.exe
REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
REG_EXPAND_SZ %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ModelFileHandler.exe
REG_SZ C:\Program Files\Common Files\Logishrd\LQCVFX\ModelFileHandler.exe
Path REG_SZ C:\Program Files\Common Files\Logishrd\LQCVFX\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MotionDetection.exe
REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\MotionDetection.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
REG_SZ C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
REG_SZ "C:\Program Files\Windows Media Player\mplayer2.exe"
Path REG_SZ "C:\Program Files\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
REG_SZ C:\PROGRA~1\MICROS~4\Office12\MSACCESS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
REG_EXPAND_SZ %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\msimn.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
REG_SZ C:\Program Files\Messenger\msmsgs.exe
Path REG_SZ C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSPUB.EXE
REG_SZ C:\PROGRA~1\MICROS~4\Office12\MSPUB.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_DWORD 0x1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\OIS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OneNote.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
REG_SZ C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
REG_EXPAND_SZ %SystemRoot%\system32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
REG_SZ C:\Program Files\Windows NT\Pinball\pinball.exe
Path REG_SZ C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1
Path REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel
REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel\setup.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Shareaza.exe
REG_SZ C:\Program Files\Shareaza\Shareaza.exe
Path REG_SZ C:\Program Files\Shareaza

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VideoMaskMaker.exe
REG_SZ C:\Program Files\Logitech\LWS\Video Mask Maker\VideoMaskMaker.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wabmig.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Webcamsnapshot.exe
REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
Path REG_SZ C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
REG_SZ "c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\yourapp.Exe
Path REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\
REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\yourapp.Exe


Mozilla


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
jqs@sun.com REG_EXPAND_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ff
{1E73965B-8B48-48be-9C8D-68B920ABC1C4} REG_SZ C:\Program Files\AVG\AVG10\Firefox4\


Shared Task Scheduler


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon


SafeBoot



SafeBootMinimal


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61273489.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


SafeBootNetwork


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\61273489.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess


File Rename Operations - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations


Known DLLs - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll


Downloaded program files (ActiveX)


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

PATH: C:\windows\Downloaded Program Files

muweb.inf
OnlineScanner.inf
QTPlugin.inf
wuweb.inf
xnjvddh


Mountpoints


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d8023f0-eb99-11dd-808b-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ff13a44-5c11-11df-91a1-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e90c002-2b6e-11df-9143-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e90c12f-2b6e-11df-9143-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{765634a4-c729-11e0-9617-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81dbc49a-ba45-11dd-b320-d83806148b38}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81dbc49b-ba45-11dd-b320-d83806148b38}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bb793bc-b292-11df-93c9-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d0f7c1-ba37-11dd-aa10-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d0f7c4-ba37-11dd-aa10-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be8a876e-46da-11df-9171-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0b64f93-31d2-11df-914b-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9477323-fd30-11df-9466-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9477324-fd30-11df-9466-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd710eda-6774-11e0-951b-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8117e00-bd40-11dd-b32a-00166fa7d56d}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efebb664-d5de-11df-941f-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2faad9f-5c34-11df-91a4-00166f634dee}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC


Winlogon


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ ABEXL0002
DefaultUserName REG_SZ abbeyfield
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x1
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x1
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x0
AltDefaultUserName REG_SZ abbeyfield
AltDefaultDomainName REG_SZ ABEXL0002
ChangePasswordUseKerberos REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials


Windows Update


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\auto update\results\install
LastSuccessTime REG_SZ 2011-07-13 12:07:40
LastError REG_DWORD 0x0


Security Software Information

*Note*: Some security software does not store itself in the WMI.

Antivirus: AVG Anti-Virus Business Edition 2011 *Scanner enabled* (Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}


{END OF FILE}

Re: Google Redirect Virus

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):

    Code:


    :files
    c:\windows\tasks\Nujsfzfpfq.job
    c:\windows\system32\drivers\xucneurc.sys
    c:\windows\system32\drivers\irnfrnvp.sys
    C:\windows\Downloaded Program Files\xnjvddh


    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d8023f0-eb99-11dd-808b-806d6172696f}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ff13a44-5c11-11df-91a1-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e90c002-2b6e-11df-9143-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e90c12f-2b6e-11df-9143-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{765634a4-c729-11e0-9617-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81dbc49a-ba45-11dd-b320-d83806148b38}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81dbc49b-ba45-11dd-b320-d83806148b38}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bb793bc-b292-11df-93c9-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d0f7c1-ba37-11dd-aa10-806d6172696f}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d0f7c4-ba37-11dd-aa10-806d6172696f}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be8a876e-46da-11df-9171-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0b64f93-31d2-11df-914b-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9477323-fd30-11df-9466-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9477324-fd30-11df-9466-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd710eda-6774-11e0-951b-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8117e00-bd40-11dd-b32a-00166fa7d56d}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efebb664-d5de-11df-941f-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2faad9f-5c34-11df-91a4-00166f634dee}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]

    :Commands
    [emptytemp]
    [purity]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re: Google Redirect Virus

All processes killed
========== FILES ==========
c:\windows\tasks\Nujsfzfpfq.job moved successfully.
c:\windows\system32\drivers\xucneurc.sys moved successfully.
c:\windows\system32\drivers\irnfrnvp.sys moved successfully.
C:\windows\Downloaded Program Files\xnjvddh moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d8023f0-eb99-11dd-808b-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d8023f0-eb99-11dd-808b-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ff13a44-5c11-11df-91a1-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ff13a44-5c11-11df-91a1-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e90c002-2b6e-11df-9143-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e90c002-2b6e-11df-9143-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e90c12f-2b6e-11df-9143-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e90c12f-2b6e-11df-9143-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{765634a4-c729-11e0-9617-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{765634a4-c729-11e0-9617-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81dbc49a-ba45-11dd-b320-d83806148b38}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81dbc49a-ba45-11dd-b320-d83806148b38}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81dbc49b-ba45-11dd-b320-d83806148b38}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81dbc49b-ba45-11dd-b320-d83806148b38}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bb793bc-b292-11df-93c9-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bb793bc-b292-11df-93c9-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d0f7c1-ba37-11dd-aa10-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0d0f7c1-ba37-11dd-aa10-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d0f7c4-ba37-11dd-aa10-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0d0f7c4-ba37-11dd-aa10-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be8a876e-46da-11df-9171-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be8a876e-46da-11df-9171-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0b64f93-31d2-11df-914b-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0b64f93-31d2-11df-914b-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9477323-fd30-11df-9466-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9477323-fd30-11df-9466-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9477324-fd30-11df-9466-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9477324-fd30-11df-9466-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd710eda-6774-11e0-951b-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd710eda-6774-11e0-951b-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8117e00-bd40-11dd-b32a-00166fa7d56d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8117e00-bd40-11dd-b32a-00166fa7d56d}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efebb664-d5de-11df-941f-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efebb664-d5de-11df-941f-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2faad9f-5c34-11df-91a4-00166f634dee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2faad9f-5c34-11df-91a4-00166f634dee}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: abbeyfield
->Temp folder emptied: 2222415326 bytes
->Temporary Internet Files folder emptied: 23454536 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17203 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3529307 bytes

Total Files Cleaned = 2,145.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 08242011_103450

Files moved on Reboot...

Registry entries deleted on Reboot...

Re: Google Redirect Virus

Redirects still happening?

Re: Google Redirect Virus

Still having an issue with redirects; some sites I try to search are bringing up a download box instead?

Re: Google Redirect Virus

Do you have a router?

Do you have any more computers on the same network?

Re: Google Redirect Virus

I do have other computers using the same router and internet connection but not at the same time.

Re: Google Redirect Virus

Do those same computers redirect searches?

Re: Google Redirect Virus

No, only one.

Re: Google Redirect Virus

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

Re: Google Redirect Virus

I did get an error message before the scan had finished; clicked OK to continue.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805C13F8-->F7750738 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805C8DA6-->F77507DC [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805C8FA0-->F7750878 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805A9964-->F7750914 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF89C643-->F774FDFC [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF85BEEA-->F774FD3C [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF81C799-->F774FD90 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF85F852-->F774FCBA [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
==============================================
>Processes
==============================================
0x871C6830 [4] System
0x86FCEBE0 [496] C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Online Shield Service)
0x86444020 [536] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x86E2DDA0 [576] C:\PROGRA~1\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)
0x86E2A4D8 [736] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8652FDA0 [764] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x86376950 [812] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x871462C8 [824] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x86514DA0 [996] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x862DEA58 [1028] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation, hkcmd Module)
0x8650A368 [1080] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86FBB4F8 [1120] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x862A44F0 [1180] C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0x862A4B28 [1188] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation, persistence Module)
0x86F79428 [1256] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8655B7A8 [1348] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8655EB28 [1392] C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x862B4A38 [1488] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP, -)
0x8651FDA0 [1536] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x86FEFBE0 [1604] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x862BC550 [1688] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P., Hewlett-Packard Product Assistant)
0x863B8878 [1708] C:\WINDOWS\system32\cba\pds.exe (LANDesk Software Ltd., CBA -- Ping Discovery Service)
0x864DADA0 [1896] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x862BA800 [1952] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc., Logitech Webcam Software)
0x86293508 [1964] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe (-, -)
0x8708F020 [2112] C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x862B0DA0 [2152] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x8627A020 [2212] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P., HP Digital Imaging Monitor)
0x862A3DA0 [2244] C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe (-, -)
0x86348BC0 [2260] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x86272020 [2348] C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation, Microsoft Office OneNote Quick Launcher)
0x8626ADA0 [2404] C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (-, -)
0x86253B58 [2516] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P., HP Photosmart Premier)
0x862D7020 [2712] C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x86312938 [2760] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (-, -)
0x8639E800 [2788] C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x86285DA0 [3016] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8646DDA0 [3332] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Development Company, L.P., HP CUE Status)
0x865019F0 [3488] C:\Program Files\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc., Logitech Updater)
0x86215A18 [3516] C:\Documents and Settings\abbeyfield\Desktop\7-Zip\RkU3.8.388.590\dave\3bmq7h.exe (UG North, RKULE, SR2 Normandy)
0x86145C60 [3520] C:\Program Files\AVG\AVG10\avgui.exe (AVG Technologies CZ, s.r.o., AVG User Interface)
0x862F19F0 [3556] C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc., Logitech Updater)
0x861EF210 [3728] C:\Program Files\AVG\AVG10\avgscanx.exe (AVG Technologies CZ, s.r.o., AVG Command-line Scanning Utility)
0x86212948 [3832] C:\PROGRA~1\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
0x8630B3A8 [3928] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x86F94A90 [476] C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o., AVG Alert Manager)
0x870E2558 [1636] C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
0x870DBAF0 [2032] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o., AVG Identity Protection Service)
0x862B09E0 [2128] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
==============================================
>Drivers
==============================================
0xF6DD1000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 2211840 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7025000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1306624 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF6C17000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 929792 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xF6B6A000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 708608 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7204000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA37F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6A78000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA4F9000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9DCE000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF15A000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAA4B2000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF6D8E000 C:\WINDOWS\system32\drivers\STAC97.sys 274432 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xA971D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAA343000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF6D14000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 208896 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF6AD6000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7358000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9F16000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF71D7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA8B0C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA3EF000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAA43C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA48C000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA938E000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6D6A000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6FED000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6D47000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA9632000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xAA41A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xA9D36000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF72BA000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF730A000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7329000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF71BD000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF72F2000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA2B3000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF72DA000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7291000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6B3F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA98E9000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6B56000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7011000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA552000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF72A8000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7347000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6B2E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7687000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7507000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76D7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7517000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9CDE000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7597000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xAA0B3000 C:\WINDOWS\system32\Drivers\DgiVecp.sys 57344 bytes (Samsung Electronics Co., Ltd., Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF74C7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF74A7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF75A7000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF74D7000 PxHelp20.sys 49152 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7537000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF75D7000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF74F7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7497000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7527000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7567000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7557000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74B7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF75E7000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7547000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF75C7000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA8C43000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF75B7000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7717000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF781F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF788F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF773F000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7817000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF771F000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xF7877000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF782F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7827000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77FF000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF780F000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF787F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF785F000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF776F000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xF774F000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xF7887000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF783F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7847000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7837000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77E7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF78A3000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xF789F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7963000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF6B0A000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7180000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA18F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xAA1A3000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF796B000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA337000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6B1A000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA9FF7000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF6B16000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7973000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7953000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79C9000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798F000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79C7000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79CB000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79D5000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79CD000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79BD000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79C1000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BD7000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B29000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BD5000 C:\WINDOWS\system32\DRIVERS\ldmirror.sys 4096 bytes (LANDesk Software, Ltd., Mirror Miniport Driver)
0xF7BD6000 C:\WINDOWS\system32\DRIVERS\mirrorflt.sys 4096 bytes (LANDesk Software, Ltd., Filter Driver for the Windows 2000 Mirror Driver Stack)
0xF7AD0000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002ADA4, Type: Inline - RelativeJump 0x80501DA4-->80501DA3 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002AFC0, Type: Inline - RelativeJump 0x80501FC0-->80501FBF [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002B010, Type: Inline - RelativeJump 0x80502010-->8050200F [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006AB0A, Type: Inline - RelativeJump 0x80541B0A-->80541B11 [ntkrnlpa.exe]
[3928]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3928]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3928]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3928]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3928]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3928]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3928]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[3928]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Re: Google Redirect Virus

Sorry I missed this...

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Re: Google Redirect Virus

I am attempting to run Dr Web but keep getting a blue screen error message about 'dwprot.sys',
forcing me to manually shut down and reboot.

Finally completed

A0044099.exe;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP10;Trojan.DownLoader4.25776;Incurable.Moved.;
A0044103.scr;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP10;Trojan.MulDrop2.44246;Incurable.Moved.;
A0059919.exe;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP13;Trojan.Siggen2.54984;Incurable.Moved.;
A0059922.exe;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP13;Adware.W3i.4 - read error;Invalid path to file ;
Desktop.ini.vir;C:\WINDOWS\assembly\GAC_MSIL;BackDoor.Siggen.34346;Deleted.;

Re: Google Redirect Virus

The redirects continue?

Re: Google Redirect Virus

It doesn't appear to be redirecting.
Very slow to start up with long delays.
Still have the error message regarding System 32

Re: Google Redirect Virus

What file does that refer to?
